使用wireshark抓取三次握手 | 您所在的位置:网站首页 › syn序列号 › 使用wireshark抓取三次握手 |
wireshark
使用ping命令获取IP地址
在过滤器中设置目标地址为182.92.187.217和http协议后可以得到数据 使用右键追踪tcp流后看到http协议上方有三条tcp连接,即为tcp3次握手
其中对于IP协议获取到的报文内容如下 Internet Protocol Version 4, Src: 192.168.1.108, Dst: 182.92.187.217 0100 .... = Version: 4 //IP版本 .... 0101 = Header Length: 20 bytes (5) //首部长度 Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 服务类型 Total Length: 474 //总长度 Identification: 0xf3fe (62462) //标识 Flags: 0x40, Don't fragment //标志 MF=0,DF=1 ...0 0000 0000 0000 = Fragment Offset: 0 //片偏移 Time to Live: 128 //TTL Protocol: TCP (6) //TCP协议版本 Header Checksum: 0x0000 [validation disabled] //校验和 [Header checksum status: Unverified] Source Address: 192.168.1.108 //源IP Destination Address: 182.92.187.217 //目的IP TCP第一次握手: Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316351, Len: 0 Source Port: 63627 //源端口 Destination Port: 80 //目的端口 [Stream index: 713] [Conversation completeness: Complete, WITH_DATA (63)] [TCP Segment Len: 0] Sequence Number: 4002316351 //seq序号 [Next Sequence Number: 4002316352] Acknowledgment Number: 0 //ack确认号 Acknowledgment number (raw): 0 1000 .... = Header Length: 32 bytes (8) //首部长度 Flags: 0x002 (SYN) //标志位 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set //URG .... ...0 .... = Acknowledgment: Not set //ACK .... .... 0... = Push: Not set //PSH .... .... .0.. = Reset: Not set //RST .... .... ..1. = Syn: Set //SYN Set=1 .... .... ...0 = Fin: Not set //SYN [TCP Flags: ··········S·] Window: 64240 //窗口大小 [Calculated window size: 64240] Checksum: 0x3471 [unverified] //校验和 [Checksum Status: Unverified] Urgent Pointer: 0 //紧急指针 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted TCP Option - Maximum segment size: 1460 bytes TCP Option - No-Operation (NOP) TCP Option - Window scale: 8 (multiply by 256) TCP Option - No-Operation (NOP) TCP Option - No-Operation (NOP) TCP Option - SACK permitted [Timestamps] 可以看出,tcp第一次握手时,由客户端发送SYN包给服务器,将SYN为置1,序列号seq为4002316351 TCP第二次握手: Transmission Control Protocol, Src Port: 80, Dst Port: 63627, Seq: 1438817122, Ack: 4002316352, Len: 0 Source Port: 80 Destination Port: 63627 [Stream index: 713] [Conversation completeness: Complete, WITH_DATA (63)] [TCP Segment Len: 0] Sequence Number: 1438817122 [Next Sequence Number: 1438817123] Acknowledgment Number: 4002316352 1000 .... = Header Length: 32 bytes (8) Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set //ACK set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set //SYN set .... .... ...0 = Fin: Not set [TCP Flags: ·······A··S·] Window: 29200 [Calculated window size: 29200] Checksum: 0x6fea [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale TCP Option - Maximum segment size: 1440 bytes TCP Option - No-Operation (NOP) TCP Option - No-Operation (NOP) TCP Option - SACK permitted TCP Option - No-Operation (NOP) TCP Option - Window scale: 7 (multiply by 128) [Timestamps] [Time since first frame in this TCP stream: 0.029402000 seconds] [Time since previous frame in this TCP stream: 0.029402000 seconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 62653] [The RTT to ACK the segment was: 0.029402000 seconds] [iRTT: 0.029541000 seconds] 服务器接收到SYN包之后,会给客户端发送ACK+SYN包,将ACK和SYN置1,其中ack为第一次握手时的seq+1,即ack=4002316352,seq为随机数1438817122 TCP第三次握手时: Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316352, Ack: 1438817123, Len: 0 Source Port: 63627 Destination Port: 80 [Stream index: 713] [Conversation completeness: Complete, WITH_DATA (63)] [TCP Segment Len: 0] Sequence Number: 4002316352 [Next Sequence Number: 4002316352] Acknowledgment Number: 1438817123 0101 .... = Header Length: 20 bytes (5) Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set //ACK set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window: 1029 [Calculated window size: 263424] [Window size scaling factor: 256] Checksum: 0x3465 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [SEQ/ACK analysis] 第三次握手,客户端给服务器发送ACK包,确认已经收到来自服务器的连接,ACK位置1 seq为第一次握手时发送的seq+1,即4002316352,ack为第二次握手时服务器发送给客户端的seq+1,即1438817123 总结如下: SYNACKseqack第一次握手(客户端到服务器)1040023163510第二次握手(服务器到客户端)1114388171224002316352第三次握手(客户端到服务器)0140023163521438817123 |
CopyRight 2018-2019 实验室设备网 版权所有 |